1. APT28 uses the Mac Trojan Komplex to attack the aerospace industry
Title: Sofacy’s ‘Komplex’ OS X Trojan
Author: September 26, 2016 11:00 AM By Dani Creus, Tyler Halfpop and Robert Falcone
//BEGIN
Unit 42 researchers identified a new OS X Trojan associated with the Sofacy group that we are now tracking with the ‘Komplex’ tag using the Palo
Alto Networks AutoFocus threat intelligence platform.
The Unit 42 research team discovered a new Trojan that runs on OS X. The Trojan is linked to the Sofacy group (also known as APT28) and is tagged Komplex in the security company's threat intelligence platform.
//END
The Sofacy group created the Komplex Trojan to use in attack campaigns targeting the OS X operating system – a move that showcases their
continued evolution toward multi-platform attacks. The tool is capable of downloading additional files to the system, executing and deleting
files, as well as directly interacting with the system shell. While detailed targeting information is not currently available, we believe Komplex
has been used in attacks on individuals related to the aerospace industry, as well as attacks leveraging an exploit in MacKeeper to deliver the
Trojan. The Komplex Trojan revealed a design similar to Sofacy’s Carberp variant Trojan, which we believe may have been done in order to handle
compromised Windows and OS X systems using the same C2 server application with relative ease.
The APT28 group uses this Komplex Trojan to attack the OS X operating system, which shows that it has taken an important step toward multi-platform attacks. The Trojan can download, run and even delete files on the compromised computer, and it can also interact with the operating system's shell. Although the details are not yet known, the researchers confirmed that the Trojan was used in attacks on individuals in the aerospace industry, and that other Trojans were also used as a channel to deliver various malicious programs or Trojans. Moreover, the Trojan behaves similarly to the earlier Carberp Trojan, which already attacked both Windows and OS X across platforms; one detail is that the C2 server it uses is the same one.
Comment: Apple computers may be a direction.